Need help getting a web page to start a server.

Won't let me add the solved tag, says I'm over the max. Removing 2 tags did not help.

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

One of my game servers keeps going offline and so I want to give the users the ability to bring it back up.
The easiest way I could think of is to create a web page that would execute a bash
script. Here is the code I used.

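<?php

// Run the start script only when ?run=... is present and non-empty.
if (!empty($_GET['run'])) {
  $old_path = getcwd();
  chdir('/home/warmc/servers/snapshot/');

  // shell_exec() returns whatever the script writes to stdout.
  $output = shell_exec("./teststart.sh");
  echo $output;

  chdir($old_path);
}
?>


<a href="?run=true">Click Me!</a>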

My web page works and will execute the script but all it does is echo to the webpage.
I thought maybe it was because the web page user needs root access and I found a source that suggested adding the following to the sudoers file.

 www-data ALL=NOPASSWD: /path/to/script

The problem is that when trying to use visudo from Webmin Command Shell I get this.

 [host@Username ~]# visudo
 Error opening terminal: unknown.
 visudo: /etc/sudoers.tmp unchanged
 [host@Username ~]#

So how do I edit the sudoers file?
Am I on the right track?

Well, it's not the way I would do it.

I would create a cron script and run the script from cron to check if the game server is up and running and then restart if it has stopped.

For example in crontab:

* * * * * /usr/bin/nice -n 19 /usr/local/neo/bin/check_apache > /dev/null 2>&1

Then script like this, for example:

$ cat /usr/local/neo/bin/check_apache 


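#!/bin/sh

# Is any apache2 process in the process list?
/bin/ps ax | grep apache2 | grep -v grep > /dev/null

if [ $? -ne 0 ];
then
    # apache2 is not running: start it.
    /usr/sbin/service apache2 start > /dev/null 2>&1
else
    # apache2 is up: check mysqld and start it if it has stopped.
    /bin/ps ax | grep mysqld | grep -v grep > /dev/null
    if [ $? -ne 0 ];
    then
        /usr/sbin/service mysql start > /dev/null 2>&1
    fi
fi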

I did think of that but we are trying to make everything controlled by web interface and this is just one small part of a larger project yet to come.

Putting sudo scripts embedded in php code at user clicks is not advisable nor desirable.
It is a major security issue and should be treated like that.

Why not use existing tools, which have agents and API(s) at your disposal?
Include those in your project if you require such actions.
Restarts, deployments will be transparent to user, not dependent on application itself and fairly secure.

If you really need user interaction for such tasks, otherwise cron is fine, and best would be to see why application needs to be restarted :)

Hope that helps
Regards
Peasant.

Hmmm.

I used to think that way, but without really great server-side sys admin skills you may be creating unnecessary security risks. Even guys like me with decades of experience on the server side do not use the web to do superuser-required tasks. It just takes one mistake and you could lose your server and your data.

Yes, you can kludge solutions together which will work, but they will leave you vulnerable to major security risks.

I suggest you do this with a cron file, to ensure your game servers are running, and move on to other tasks :)

Never, in the spirit of creating a "perfect solution" do things which leave your server vulnerable. After you have done 100 tasks and written 29999 lines of code, you will forget all the insecure code you wrote and you will have problems later on.

Why make problems for yourself when you can do the same thing in a more secure way which will not expose you to security risks?

Amen!

If I have learned anything in the nearly forty years I work in IT it is this: if there is a problem, DO NOT create a workaround - solve the problem instead! Workarounds may be implemented faster sometimes but they inadvertently come back to haunt you and most probably they bite you in the behind in the least convenient moment.

Instead of creating ways to faster restart the server find out why it needs to be restarted. Your description ("...one of our servers...") implies that it is just one server, not the other ones. So, where is the difference? What is special in this server so that it keeps crashing the application? Have you considered reinstalling it from scratch?

In your place I'd investigate this instead of finding ways to selectively poke holes into my server security.

I hope this helps.

bakunin

Dudes, this is a minecraft server. I don't really care about security, I've lost everything multiple times before due to hosting issues and I gotta tell you it wasn't the end of the world. The community adapted.

My issue now is that we are running the latest snapshot servers and they are really unstable. They shut down randomly because of updates or bugs and there is nothing I can do about that. Now my server managers really would like to be able to start / stop servers through a web app rather than having to log in and go to cron jobs all the time. They already have RCon at their disposal but that doesn't help them start the servers after they have been stopped. Now a few simple buttons with start, stop, restart is probably not so much of a security risk and let them hack me if they want to waste their time 'cause there's no secure info kept on these servers.

No worries.

If you need to start and stop, then that's a different story.

I would do this with a PHP script with HTTP authentication (.htaccess) and a userid and password in the PHP login script.

Yep, got all that but it's still not working.

It needs to be restarted because it's a minecraft snapshot server which means it is still in development, they are not full stable release versions. My community likes to play on snapshot servers because it gives them a preview into what's coming in the next full release. So as you see, there is nothing I can do about the server shutting down except report it to mojang as I regularly do.

Why would they have to login? The cronjob is doing the job right? Have it check every 5 minutes or so and you should be fine. Am I missing the point here?
Also, I am agreeing here that you are neglecting the problem...

First, let's try hosting a website using your personal computer with the Windows operating system.
Step 1: Install the WAMP Software.
Step 2: Using WampServer.
Step 3: Creating an HTML Page.
Step 4: Configure MySQL.
Step 5: Make the Site Public.
Step 6: Using a Domain Name.
Step 1: Install Software.
Step 2: Check PHP.
This is the best technique for solving the Web page to start server.

or you could install webmin

Marck
The LAMP is already working and the script obviously runs because I get output on my screen but possibly doesn't start the server because it's running in the wrong directory or needs permissions to execute the screen command, how could a windows box help?

Thanks jgt, I already have webmin installed but it doesn't provide what we need. Though I welcome your post as it may help others. On a side note, don't use webmin for secure servers with secure data.

Setting up a secure LAMP server and writing a user id and password authentication form is NOT rocket science.

Why so much churn over a simple basic technology which is used by millions upon millions of people daily?

Neo, read the initial post, it's not about web auth.

I have solved this now. I was on the right track but had to add www-data as a sudoer which is what I was having problems with as webmin won't allow you to do it. You must be using ssh or on the server directly. The other thing required is that www-data have a valid password.

Yes, I read all the posts.

Adding www-data to sudoers is not a very secure way to do this; and it is not the way I would do this and I have been doing this for more than 15 years.

You are making your web-server user id run at super user privileges; and this is not secure.

But, you seem to not want to listen to people with 15 years experience doing what you are trying to do for the first time, so I think better I do not help you; since I have done what you are trying to do many, many times, and have never, ever given a web server super user privs for any task.

Some people just simply like to do things in insecure, not well designed ways; and not listen to those who have done it correctly and securely many times ;)

Good luck!

Note: For anyone else reading this thread in the future. Never run your web server user id (uid) with root privileges or sudo privs (as in the "solution" in this post). Never do it. It is a huge security risk you do not want nor need to ever do. A web server should never run as root or as sudo root or otherwise.

I will second that note. I am 39 years old, have been running windows based servers for around 25 years, I have a certificate 3 and 4 in networking with security components, about half way through my bachelor of comp sci and about to take on my diploma in networking. I have taken steps to completely isolate my servers on the network, including but not limited to multiple gateways, routing, firewalls and port management. Do not do what I am doing as it will open up not only your server but your entire network to attack.

NEO: Please don't be mad with me, I do understand and I do welcome your advice however as mentioned before, I am not concerned with the security issues of privately hosted public minecraft servers.

------ Post updated at 01:42 AM ------

I would like to propose a more secure way of doing this, which after some testing I have found works just as well. Rather than adding www-data to the sudoers, simply use php to write to a file and have a script monitor that file for changes. The limitation is that a script would likely be run on a cron job which I think the minimum interval is 1 minute. If you would like more help with this method, please create a new thread.

Here is the php code to write to the file.

<?php

// This code will run if ?start=true is set.
if (!empty($_GET['start'])) {
  $old_path = getcwd();
  chdir('/my/path/');

  // Write the fixed word "start" to the request file.
  $output = shell_exec("echo 'start' > ./operations.txt"); # You can also use >> to append.
  echo $output;

  chdir($old_path);
}
?>


<!-- This link will add ?start=true to your URL, myfilename.php?start=true -->
<a href="?start=true" style="color: green">start</a>
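The cron-side half of the file method described in the post above, as an added example that is not part of the original thread or any poster's code. It assumes the script runs from the crontab of the account that owns the game server (not www-data or root), that this account can write to the request directory, and that `teststop.sh` exists; that script name is hypothetical.

```shell
#!/bin/sh
# Added example: cron-side half of the flag-file method. Run it from the
# crontab of the account that owns the game server, not from www-data or root.
# Paths are the thread's; teststop.sh is a hypothetical companion script.
REQUEST_FILE="${REQUEST_FILE:-/my/path/operations.txt}"
SERVER_DIR="${SERVER_DIR:-/home/warmc/servers/snapshot}"

# Allow-list: a request word selects a fixed command. The file content is
# only ever compared, never executed or interpolated into a command line.
action_for() {
    case "$1" in
        start) echo "./teststart.sh" ;;
        stop)  echo "./teststop.sh" ;;   # hypothetical
        *)     return 1 ;;
    esac
}

# Claim the request by renaming it, so a click is handled once and a write
# that lands while we work goes into a fresh file for the next run.
# Assumes the directory is writable by this account.
read_request() {
    [ -f "$1" ] || return 1
    claimed="$1.claimed.$$"
    mv "$1" "$claimed" || return 1
    head -n 1 "$claimed" | cut -c1-16 | tr -d '[:space:]'
    rm -f "$claimed"
}

# Print the command for the pending request.
# Returns 1 when nothing is pending, 2 when the request is not on the list.
next_command() {
    word=$(read_request "$1") || return 1
    action_for "$word" && return 0
    echo "game-watcher: rejected request in $1" >&2
    return 2
}

# Cron entry point: act only on a pending, allow-listed request.
if cmd=$(next_command "$REQUEST_FILE"); then
    cd "$SERVER_DIR" && "$cmd"
fi
```

With this split the web server account needs write access to one file and nothing else; it never gains the ability to run commands as another user.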

The first thing you should do is to ensure you have SSH set up for your entire web server and no non HTTPS traffic is permitted.

The second thing you must do is to set up basic apache2 security to require an htpasswd user id and login for basic authentication access to your web server.

The third thing you must do is to set up iptables so only the handful of IP addresses you control are permitted to even connect to the web server.

These are the bare minimum requirements.

Then, on the PHP side, you do not need to use sudo if you set it up correctly. No good web server admin sets up their web server with the user id of the web server (in your case www-data ) in the sudoers file. There are better and more secure ways to do it.... but as you said, you don't care about security, so why should we waste our time.

There is no excuse for setting up apache2 and PHP on a LAMP server in an insecure way; when it can easily be done securely and correctly.

One last point, I'm not angry in the least. I don't have emotions when others do things wrong or in a very insecure way on their servers. In fact, after decades on the net, I don't get angry, upset, or have any emotion about anything in these or other forums or sites; but we admins and moderators will enforce rule violations, and so far you have not broken any rules, LOL . Thank you for always following the forum rules. Much appreciated.

In general, I am concerned about cybersecurity, professionally speaking.

Cheers and good luck!

PS: If you truly have a web server where you do not care in the least about security, then just set up apache2 to run with the userid of root and not www-data and be done with it. LOL.... then you can do whatever you want, insecurely as you like :) Easy.

We have all of that except for the IP tables as some of the managers are on dynamic IPs. Admittedly I could look at the range they are being assigned and restrict it to that subnet but too much work for too little benefit. It's all working now and I'm switching to the file method I mentioned above as I was only using www-data as a sudoer because I could find no other option.